SlideShare una empresa de Scribd logo
1 de 25
Descargar para leer sin conexión
The General Data Protection Regulation:
Leveraging Technology for Breach Detection,
Notification, and Response
Ken Durbin, CISSP
Sr. Strategist of Global Government
Affairs and Cyber Security,
Symantec
Legal Disclaimer
The materials contained in this presentation are not intended to provide, and
do not constitute or comprise, legal advice on any particular matter and are
provided for general information purposes only.
You should not act or refrain from acting on the basis of any material
contained in this presentation, without seeking appropriate legal or other
professional advice.
Agenda
GDPR Overview
Breach Notification Examples and Requirements
Technology Considerations for GDPR
GDPR Resources
1
2
3
4
GDPR Overview
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
EU General Data Protection Regulation (GDPR)
5
28 Interpretations of the Data Protection
Directive
One Data Protection Regulation
Harmonized across all EU member states
TODAY: 2018:
Right to be forgotten Parental Consent Data Protection Officer
Extra-territoriality of GDPR
Fines and penalties
Joint Liability of Controllers and Processors
Mandatory Breach Notification
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Who’s Who in the Protection of Personal Data
6
DATA CONTROLLER DATA SUBJECTDATA PROCESSOR
DATA PROTECTION OFFICER
Data Protection Officers are designated persons responsible for making sure the
organization follows the new regulations.
DATA PROTECTION AUTHORITY
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Who’s Who in the Protection of Personal Data
The Regulatory Terms of Reference
Article 4 paragraph 12: THE BREACH
What can happen to data?
“… a breach of security leading to the
accidental or unlawful destruction,
loss, alteration, unauthorized
disclosure of, or access to, personal
data transmitted, stored or otherwise
processed”
Recital 75: THE IMPACT
What can happen to the data subject?
“The risk to the rights and freedoms of
natural persons, of varying likelihood
and severity, may result from personal
data processing which could lead to
physical, material or non-material
damage”
GDPR / DPA REQUIREMENT:
Prevent, Detect, Log, Report, Remedy
GDPR / DPA EXPECTATION:
Anticipate, Avoid, Mitigate, Compensate
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
8
The organization is subject to the GDPR for personal
data processing operations performed by or on behalf
of its entity(-ies) established in the European Union.
The organization is not subject to the GDPR.
Does the organization process personal data?
Article 2(1)
Is the organization established in the European Union?
Article 3(1)
Is the organization established in another location where a
European Member State’s law applies?
Article 3(3)
Does the organization target individuals located in the European
Union with commercial offerings?
Article 3(2)(a)
Does the organization monitor the behavior of individuals
located in the European Union?
Article 3(2)(b)
The organization is subject to the GDPR for personal
data processing operations related to such
commercial offerings to, and/or monitoring of,
individuals located in the European Union.
The organization should appoint a representative in
the European Union.
Article 3(2), Article 27
NO Yes
No Yes
No Yes
No Yes
No Yes
Are You Impacted by the GDPR?
Breach Notification Examples
and Requirements
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Breach Notification Requirements
Articles 33, 34, Recitals 83, 85, 86, 87
10
Provision / Requirement What it Means?
Mandatory personal data breach
notification except if the data was
adequately encrypted
If you suffer a data breach, you must
respond to it to understand and minimize
the consequences, and you must report it
within 72 hours to your competent
authority, as well as, if appropriate, also to
the impacted individuals. However no
notification is required to the individuals
where the data was adequately encrypted
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Should I Report My Breach?*
11
All breaches recordable under Article 33(5). Breach should be documented and record maintained by the controller.
No requirement to notify supervisory
authority or individuals
The controller becomes “aware” of a personal
data breach and assesses risk to individuals.
Notify competent supervisory authority.
If the breach affects individuals in more
than one Member State, notify the lead
supervisory authority
No requirement to notify individuals.
Notify affected individuals and, where
required, provide information on steps
they can take to protect themselves
from consequences of the breach.
No
Yes
No
Yes
Is the breach
likely to result
in a risk to
individuals’
rights? and
freedoms?
Is the breach
likely to result in
a high risk to
individuals’
rights and
freedoms?
*Based on ARTICLE 29 DATA PROTECTION WORKING PARTY Annex A
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Breach Notification Examples*
Example Notify the supervisory authority? Notify the data subject?
A controller stored a backup of an archive
of personal data encrypted on a USB key.
The key is stolen during a break-in.
No. No.
A controller maintains an online service. As
a result of a cyber attack personal data of
individuals are exfiltrated.
Yes, report to the supervisory authority if
there are likely consequences to individuals.
Yes, report to individuals if the severity of
the likely consequences to individuals is
high.
A brief power outage lasting several
minutes at a controller’s call center.
No. No.
A controller suffers a ransomware attack
which results in all data being encrypted.
No back-ups are available and the data
cannot be restored.
Yes, report to the supervisory authority, if
there are likely consequences to individuals
as this is a loss of availability.
Yes, report to individuals the possible effect
of the lack of availability of the data.
A controller operates an online
marketplace. The marketplace suffers a
cyber-attack and usernames, passwords
and purchase history are published online
by the attacker.
Yes, report to lead supervisory authority if
involves cross-border processing.
Yes, as could lead to high risk.
12*Based on ARTICLE 29 DATA PROTECTION WORKING PARTY Annex B
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Breach Notification Examples, cont.
Example Notify the supervisory authority? Notify the data subject?
A website hosting company acting as a data
processor identifies an error in the code
which controls user authorization allowing
any user access to the account details of
other user.
As the processor, the website hosting
company must notify its affected clients
(the controllers) without undue delay.
If there is likely no high risk to the
individuals they do not need to be notified.
Medical records in a hospital are
unavailable for the period of 30 hours due
to a cyber-attack.
Yes, the hospital is obliged to notify as high-
risk to patient’s well-being and privacy may
occur.
Yes, report to the affected individuals.
Personal data of a large number of students
are mistakenly sent to the wrong mailing list
with 1000+ recipients.
Yes, report to supervisory authority.
Yes, report to individuals depending on the
scope and type of personal data involved
and the severity of possible consequences.
A direct marketing e-mail is sent to
recipients in the “to:” or “cc:” fields,
thereby enabling each recipient to see the
email address of other recipients.
Yes, notifying the supervisory authority may
be obligatory if a large number of
individuals are affected, and sensitive data
are revealed or if other factors present high
risks (e.g. the mail contains the initial
passwords).
Yes, report to individuals depending on the
scope and type of personal data involved
and the severity of possible consequences.
13*Based on ARTICLE 29 DATA PROTECTION WORKING PARTY Annex B
Technology Considerations
for the GDPR
Preventing, Detecting &
Responding to a Breach
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY



The Symantec Data Loss Prevention Platform
Architecture
23
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Encrypt Personal Data with Symantec
The Symantec Encryption Portfolio
16
Protects individual files in
transit and at rest from
unauthorized parties
FILE & FOLDER ENCRYPTION
Protects email in transit
and at rest from
unauthorized parties
EMAIL ENCRYPTION
Renders data at rest on
devices inaccessible to
unauthorized parties
ENDPOINT ENCRYPTION
ENDPOINT ENCRYPTION
MANAGEMENT SERVER
ENCRYPTION MANAGEMENT SERVER
Manages individual and group keys, creates encryption policies, and reports on encryption
status. Third-party encryption management
• BitLocker (Microsoft)
• FileVault (Apple)
• Opal compliant self-encrypting drives
PROTECT
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Symantec Cloud Data Protection
Obfuscate Data with Tokenization
Symantec
Cloud Data
Protection
Gateway
Cloud Data Protection
Token Map Repository
User Cloud App
Cloud Application
Example: enterprise defined a policy to protect FIRST
NAME And LAST NAME Fields in ServiceNow
Without impacting the cloud apps’
functionality (e.g. search, sort e-mail)
17PROTECT
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Content Analysis (CAS)
Hash Reputation
Dual AV
Predictive File
Analysis
Acceptable files passed through
based on file reputation,
whitelist/blacklist
Signatures evaluated
for known bad
Analyzes code for
malicious character
Broker to Sandbox
ICAP
API
.JAR .EXEPROXY
Symantec Content Analysis and Malware Analysis
Multiple Engines Detect & Prevent Advanced Persistent Threats
18
DETECT
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Symantec Security Analytics
Can we quickly and thoroughly notify in the event of a breach?
Within 72 hours of detection,
the notification must:
a) Describe the nature of the personal
data breach including the categories
and number of data subjects
concerned and the categories and
number of data records concerned;
b) Recommend measures to mitigate the
possible adverse effects of the personal
data breach;
c) Describe the consequences of the
personal data breach;
d) Describe the measures proposed or
taken by the controller to address the
personal data breach.
• Security Analytics is able to provide full
context of what happened before,
during, and after a breach, including:
– How the breach occurred
– What data was compromised
– What measures are needed to resolve it
• Find all indicators of compromise
associated with a data breach, including
root cause analysis
• Records of what files were lost or
compromised make it easy identify
personal data records that were lost
19
RESPOND
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Symantec Cyber Security Services
Managed Cyber Defense
A Comprehensive Integrated Portfolio for Every Stage of the Attack Lifecycle
Track and Analyze Adversary Groups and Key
Trends and Events around the globe for
Actionable Intelligence
DeepSight
Intelligence
Detect and Proactively Hunt for Targeted
Attacks, Advanced Threats and Campaigns
Managed
Security Services
Respond Quickly and Effectively to Credible
Security Threats and Incidents
Incident
Response
Strengthen Cyber Readiness to Build Employee
Resiliency and Prevent Sophisticated Attacks
Cyber Skills
Development
World-Class Security Expertise > Reactive to Proactive > Integrated, End-to-End Security
Before
an Attack
During
an Attack
After an
Attack
Preparing
for an
Attack
DETECT
RESPOND
PREPARE
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Advanced Breach Detection, Remediation, & Notification
ATP
Analytics
Endpoint
Email
Server
Web /
CASB Cyber Security
Services
DLP
CASB
Web
CDPEncryption
Personal Data Protection Everywhere
PROTECTDETECT
RESPOND
RECOVER
Technology Risk Management
DLP
Data Insight
CASB
Audit
CCS
EPM
Understand
Data Risk
Understand,
Report, and
Remediate
Compliance
Unparalleled Threat
Intelligence
Endpoint
175M
endpoints
protected
Email
2Bm emails
scanned/day
Web
1.2Bn web
requests
secured/day
Physical &
Virtual
Workloads
64K Datacenters
protected
Cloud
Security
12,000 cloud
applications
secured
IDENTIFY
VIP
Technology Considerations for the GDPR
Symantec Supports Across Data Privacy and Security
GDPR Resources
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Located in the Attachments Section of this Presentation
GDPR Resources
IDC GDPR Readiness Assessment
Benchmark your progress to GDPR
compliance
Privacy by Design
Uncover how to adopt this approach to
personal data security
Solving the Security Challenge
A technical review of GDPR and the
recommended solutions
Symantec GDPR Website
Visit our website for a complete list of
resources, tools, and onDemand videos
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Why Symantec
24
World Class
Information protection
Global Leader in
Cyber Security
Leading Breach
detection and
response
Unbiased and
lower operating
costs
Compliance
monitoring &
reporting
State of the Art
Technology
The General Data Protection Regulation:
Leveraging Technology for Breach Detection,
Notification, and Response
Ken Durbin, CISSP
Sr. Strategist of Global Government
Affairs and Cyber Security,
Symantec
Thank you!!

Más contenido relacionado

La actualidad más candente

Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory ComplianceLifeline Data Centers
 
Approche intégrée de la gestion des risques, de la sécurité de l’information,...
Approche intégrée de la gestion des risques, de la sécurité de l’information,...Approche intégrée de la gestion des risques, de la sécurité de l’information,...
Approche intégrée de la gestion des risques, de la sécurité de l’information,...PECB
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age padler01
 
Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Dr. Ahmed Al Zaidy
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
 
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 11
Fundamentals of Information Systems Security Chapter 11Fundamentals of Information Systems Security Chapter 11
Fundamentals of Information Systems Security Chapter 11Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Dr. Ahmed Al Zaidy
 
Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-IT Strategy Group
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Dr. Ahmed Al Zaidy
 
Data Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPRData Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPRJohn M Walsh
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4Dr. Ahmed Al Zaidy
 
Richard Hogg & Dennis Waldron - #InfoGov17 - Cognitive Unified Governance & P...
Richard Hogg & Dennis Waldron - #InfoGov17 - Cognitive Unified Governance & P...Richard Hogg & Dennis Waldron - #InfoGov17 - Cognitive Unified Governance & P...
Richard Hogg & Dennis Waldron - #InfoGov17 - Cognitive Unified Governance & P...ARMA International
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud   brighttalk webinar ...Where data security and value of data meet in the cloud   brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Ulf Mattsson
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in IndonesiaEryk Budi Pratama
 
Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Dr. Ahmed Al Zaidy
 
Come cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeoCome cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeoGiulio Coraggio
 
Information Security By Design
Information Security By DesignInformation Security By Design
Information Security By DesignNalneesh Gaur
 

La actualidad más candente (20)

Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory Compliance
 
Approche intégrée de la gestion des risques, de la sécurité de l’information,...
Approche intégrée de la gestion des risques, de la sécurité de l’information,...Approche intégrée de la gestion des risques, de la sécurité de l’information,...
Approche intégrée de la gestion des risques, de la sécurité de l’information,...
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
 
Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
 
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9
 
Fundamentals of Information Systems Security Chapter 11
Fundamentals of Information Systems Security Chapter 11Fundamentals of Information Systems Security Chapter 11
Fundamentals of Information Systems Security Chapter 11
 
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1
 
Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2
 
Data Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPRData Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPR
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4
 
Richard Hogg & Dennis Waldron - #InfoGov17 - Cognitive Unified Governance & P...
Richard Hogg & Dennis Waldron - #InfoGov17 - Cognitive Unified Governance & P...Richard Hogg & Dennis Waldron - #InfoGov17 - Cognitive Unified Governance & P...
Richard Hogg & Dennis Waldron - #InfoGov17 - Cognitive Unified Governance & P...
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud   brighttalk webinar ...Where data security and value of data meet in the cloud   brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in Indonesia
 
Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5
 
Come cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeoCome cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeo
 
Information Security By Design
Information Security By DesignInformation Security By Design
Information Security By Design
 

Similar a Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection, and Response

The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowSymantec
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing   master slides 28 june-finalData protection & security breakfast briefing   master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-finalDr. Donald Macfarlane
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalDr. Donald Macfarlane
 
5 key steps for SMBs for reaching GDPR Compliance
5 key steps for SMBs for reaching GDPR Compliance5 key steps for SMBs for reaching GDPR Compliance
5 key steps for SMBs for reaching GDPR ComplianceGabor Farkas
 
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesTech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesEvents2018
 
Explain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprExplain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprPierre Feillet
 
GDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can HelpGDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can HelpJason Lackey
 
The Evolution of Data Privacy: 3 Things You Need To Consider
The Evolution of Data Privacy:  3 Things You Need To ConsiderThe Evolution of Data Privacy:  3 Things You Need To Consider
The Evolution of Data Privacy: 3 Things You Need To ConsiderSymantec
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Benjamin Ang
 
GDPR: Data Privacy in the New
GDPR: Data Privacy in the NewGDPR: Data Privacy in the New
GDPR: Data Privacy in the Newaccenture
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Lance Michalson
 
Privacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSPrivacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSInteraktiv
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPRTripwire
 
GDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your DownfallGDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your DownfallSplunk
 
CyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRCyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRShadi A. Razak
 
FORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for ITFORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for ITFERMA
 

Similar a Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection, and Response (20)

The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t know
 
EENA2019: Track2 session3 Impact of GDPR on public safety organisations by M...
EENA2019: Track2 session3 Impact of  GDPR on public safety organisations by M...EENA2019: Track2 session3 Impact of  GDPR on public safety organisations by M...
EENA2019: Track2 session3 Impact of GDPR on public safety organisations by M...
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing   master slides 28 june-finalData protection & security breakfast briefing   master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-final
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
 
5 key steps for SMBs for reaching GDPR Compliance
5 key steps for SMBs for reaching GDPR Compliance5 key steps for SMBs for reaching GDPR Compliance
5 key steps for SMBs for reaching GDPR Compliance
 
GDPR
GDPRGDPR
GDPR
 
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesTech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
 
Explain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprExplain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdpr
 
GDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can HelpGDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can Help
 
The Evolution of Data Privacy: 3 Things You Need To Consider
The Evolution of Data Privacy:  3 Things You Need To ConsiderThe Evolution of Data Privacy:  3 Things You Need To Consider
The Evolution of Data Privacy: 3 Things You Need To Consider
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
 
GDPR: Data Privacy in the New
GDPR: Data Privacy in the NewGDPR: Data Privacy in the New
GDPR: Data Privacy in the New
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)
 
Privacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSPrivacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMS
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPR
 
GDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your DownfallGDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your Downfall
 
CyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPRCyNation - 7 things you should know about EU-GDPR
CyNation - 7 things you should know about EU-GDPR
 
FORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for ITFORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for IT
 
Cyber safe lambeth | GDPR taster
Cyber safe lambeth | GDPR tasterCyber safe lambeth | GDPR taster
Cyber safe lambeth | GDPR taster
 

Más de Symantec

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec
 

Más de Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 

Último

Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 

Último (20)

Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 

Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection, and Response

  • 1. The General Data Protection Regulation: Leveraging Technology for Breach Detection, Notification, and Response Ken Durbin, CISSP Sr. Strategist of Global Government Affairs and Cyber Security, Symantec
  • 2. Legal Disclaimer The materials contained in this presentation are not intended to provide, and do not constitute or comprise, legal advice on any particular matter and are provided for general information purposes only. You should not act or refrain from acting on the basis of any material contained in this presentation, without seeking appropriate legal or other professional advice.
  • 3. Agenda GDPR Overview Breach Notification Examples and Requirements Technology Considerations for GDPR GDPR Resources 1 2 3 4
  • 5. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY EU General Data Protection Regulation (GDPR) 5 28 Interpretations of the Data Protection Directive One Data Protection Regulation Harmonized across all EU member states TODAY: 2018: Right to be forgotten Parental Consent Data Protection Officer Extra-territoriality of GDPR Fines and penalties Joint Liability of Controllers and Processors Mandatory Breach Notification
  • 6. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Who’s Who in the Protection of Personal Data 6 DATA CONTROLLER DATA SUBJECTDATA PROCESSOR DATA PROTECTION OFFICER Data Protection Officers are designated persons responsible for making sure the organization follows the new regulations. DATA PROTECTION AUTHORITY
  • 7. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Who’s Who in the Protection of Personal Data The Regulatory Terms of Reference Article 4 paragraph 12: THE BREACH What can happen to data? “… a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed” Recital 75: THE IMPACT What can happen to the data subject? “The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal data processing which could lead to physical, material or non-material damage” GDPR / DPA REQUIREMENT: Prevent, Detect, Log, Report, Remedy GDPR / DPA EXPECTATION: Anticipate, Avoid, Mitigate, Compensate
  • 8. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 8 The organization is subject to the GDPR for personal data processing operations performed by or on behalf of its entity(-ies) established in the European Union. The organization is not subject to the GDPR. Does the organization process personal data? Article 2(1) Is the organization established in the European Union? Article 3(1) Is the organization established in another location where a European Member State’s law applies? Article 3(3) Does the organization target individuals located in the European Union with commercial offerings? Article 3(2)(a) Does the organization monitor the behavior of individuals located in the European Union? Article 3(2)(b) The organization is subject to the GDPR for personal data processing operations related to such commercial offerings to, and/or monitoring of, individuals located in the European Union. The organization should appoint a representative in the European Union. Article 3(2), Article 27 NO Yes No Yes No Yes No Yes No Yes Are You Impacted by the GDPR?
  • 10. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Breach Notification Requirements Articles 33, 34, Recitals 83, 85, 86, 87 10 Provision / Requirement What it Means? Mandatory personal data breach notification except if the data was adequately encrypted If you suffer a data breach, you must respond to it to understand and minimize the consequences, and you must report it within 72 hours to your competent authority, as well as, if appropriate, also to the impacted individuals. However no notification is required to the individuals where the data was adequately encrypted
  • 11. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Should I Report My Breach?* 11 All breaches recordable under Article 33(5). Breach should be documented and record maintained by the controller. No requirement to notify supervisory authority or individuals The controller becomes “aware” of a personal data breach and assesses risk to individuals. Notify competent supervisory authority. If the breach affects individuals in more than one Member State, notify the lead supervisory authority No requirement to notify individuals. Notify affected individuals and, where required, provide information on steps they can take to protect themselves from consequences of the breach. No Yes No Yes Is the breach likely to result in a risk to individuals’ rights? and freedoms? Is the breach likely to result in a high risk to individuals’ rights and freedoms? *Based on ARTICLE 29 DATA PROTECTION WORKING PARTY Annex A
  • 12. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Breach Notification Examples* Example Notify the supervisory authority? Notify the data subject? A controller stored a backup of an archive of personal data encrypted on a USB key. The key is stolen during a break-in. No. No. A controller maintains an online service. As a result of a cyber attack personal data of individuals are exfiltrated. Yes, report to the supervisory authority if there are likely consequences to individuals. Yes, report to individuals if the severity of the likely consequences to individuals is high. A brief power outage lasting several minutes at a controller’s call center. No. No. A controller suffers a ransomware attack which results in all data being encrypted. No back-ups are available and the data cannot be restored. Yes, report to the supervisory authority, if there are likely consequences to individuals as this is a loss of availability. Yes, report to individuals the possible effect of the lack of availability of the data. A controller operates an online marketplace. The marketplace suffers a cyber-attack and usernames, passwords and purchase history are published online by the attacker. Yes, report to lead supervisory authority if involves cross-border processing. Yes, as could lead to high risk. 12*Based on ARTICLE 29 DATA PROTECTION WORKING PARTY Annex B
  • 13. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Breach Notification Examples, cont. Example Notify the supervisory authority? Notify the data subject? A website hosting company acting as a data processor identifies an error in the code which controls user authorization allowing any user access to the account details of other user. As the processor, the website hosting company must notify its affected clients (the controllers) without undue delay. If there is likely no high risk to the individuals they do not need to be notified. Medical records in a hospital are unavailable for the period of 30 hours due to a cyber-attack. Yes, the hospital is obliged to notify as high- risk to patient’s well-being and privacy may occur. Yes, report to the affected individuals. Personal data of a large number of students are mistakenly sent to the wrong mailing list with 1000+ recipients. Yes, report to supervisory authority. Yes, report to individuals depending on the scope and type of personal data involved and the severity of possible consequences. A direct marketing e-mail is sent to recipients in the “to:” or “cc:” fields, thereby enabling each recipient to see the email address of other recipients. Yes, notifying the supervisory authority may be obligatory if a large number of individuals are affected, and sensitive data are revealed or if other factors present high risks (e.g. the mail contains the initial passwords). Yes, report to individuals depending on the scope and type of personal data involved and the severity of possible consequences. 13*Based on ARTICLE 29 DATA PROTECTION WORKING PARTY Annex B
  • 14. Technology Considerations for the GDPR Preventing, Detecting & Responding to a Breach
  • 15. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY    The Symantec Data Loss Prevention Platform Architecture 23
  • 16. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Encrypt Personal Data with Symantec The Symantec Encryption Portfolio 16 Protects individual files in transit and at rest from unauthorized parties FILE & FOLDER ENCRYPTION Protects email in transit and at rest from unauthorized parties EMAIL ENCRYPTION Renders data at rest on devices inaccessible to unauthorized parties ENDPOINT ENCRYPTION ENDPOINT ENCRYPTION MANAGEMENT SERVER ENCRYPTION MANAGEMENT SERVER Manages individual and group keys, creates encryption policies, and reports on encryption status. Third-party encryption management • BitLocker (Microsoft) • FileVault (Apple) • Opal compliant self-encrypting drives PROTECT
  • 17. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Symantec Cloud Data Protection Obfuscate Data with Tokenization Symantec Cloud Data Protection Gateway Cloud Data Protection Token Map Repository User Cloud App Cloud Application Example: enterprise defined a policy to protect FIRST NAME And LAST NAME Fields in ServiceNow Without impacting the cloud apps’ functionality (e.g. search, sort e-mail) 17PROTECT
  • 18. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Content Analysis (CAS) Hash Reputation Dual AV Predictive File Analysis Acceptable files passed through based on file reputation, whitelist/blacklist Signatures evaluated for known bad Analyzes code for malicious character Broker to Sandbox ICAP API .JAR .EXEPROXY Symantec Content Analysis and Malware Analysis Multiple Engines Detect & Prevent Advanced Persistent Threats 18 DETECT
  • 19. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Symantec Security Analytics Can we quickly and thoroughly notify in the event of a breach? Within 72 hours of detection, the notification must: a) Describe the nature of the personal data breach including the categories and number of data subjects concerned and the categories and number of data records concerned; b) Recommend measures to mitigate the possible adverse effects of the personal data breach; c) Describe the consequences of the personal data breach; d) Describe the measures proposed or taken by the controller to address the personal data breach. • Security Analytics is able to provide full context of what happened before, during, and after a breach, including: – How the breach occurred – What data was compromised – What measures are needed to resolve it • Find all indicators of compromise associated with a data breach, including root cause analysis • Records of what files were lost or compromised make it easy identify personal data records that were lost 19 RESPOND
  • 20. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Symantec Cyber Security Services Managed Cyber Defense A Comprehensive Integrated Portfolio for Every Stage of the Attack Lifecycle Track and Analyze Adversary Groups and Key Trends and Events around the globe for Actionable Intelligence DeepSight Intelligence Detect and Proactively Hunt for Targeted Attacks, Advanced Threats and Campaigns Managed Security Services Respond Quickly and Effectively to Credible Security Threats and Incidents Incident Response Strengthen Cyber Readiness to Build Employee Resiliency and Prevent Sophisticated Attacks Cyber Skills Development World-Class Security Expertise > Reactive to Proactive > Integrated, End-to-End Security Before an Attack During an Attack After an Attack Preparing for an Attack DETECT RESPOND PREPARE
  • 21. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Advanced Breach Detection, Remediation, & Notification ATP Analytics Endpoint Email Server Web / CASB Cyber Security Services DLP CASB Web CDPEncryption Personal Data Protection Everywhere PROTECTDETECT RESPOND RECOVER Technology Risk Management DLP Data Insight CASB Audit CCS EPM Understand Data Risk Understand, Report, and Remediate Compliance Unparalleled Threat Intelligence Endpoint 175M endpoints protected Email 2Bm emails scanned/day Web 1.2Bn web requests secured/day Physical & Virtual Workloads 64K Datacenters protected Cloud Security 12,000 cloud applications secured IDENTIFY VIP Technology Considerations for the GDPR Symantec Supports Across Data Privacy and Security
  • 23. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Located in the Attachments Section of this Presentation GDPR Resources IDC GDPR Readiness Assessment Benchmark your progress to GDPR compliance Privacy by Design Uncover how to adopt this approach to personal data security Solving the Security Challenge A technical review of GDPR and the recommended solutions Symantec GDPR Website Visit our website for a complete list of resources, tools, and onDemand videos
  • 24. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY Why Symantec 24 World Class Information protection Global Leader in Cyber Security Leading Breach detection and response Unbiased and lower operating costs Compliance monitoring & reporting State of the Art Technology
  • 25. The General Data Protection Regulation: Leveraging Technology for Breach Detection, Notification, and Response Ken Durbin, CISSP Sr. Strategist of Global Government Affairs and Cyber Security, Symantec Thank you!!